diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2015-04-06 13:33:39 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2015-04-18 07:11:55 +0200 |
commit | fe3e336590df32a5e7f5c2c8ad39beda6dcbae1b (patch) | |
tree | 6eb7dad86ba49c73f46ed1aa61a629ec1eac87da /pkgs/development/libraries/t1lib | |
parent | 3dba642c33dfb9fe9fca9290b5ea8ede43ed9d54 (diff) | |
download | nixpkgs-fe3e336590df32a5e7f5c2c8ad39beda6dcbae1b.tar nixpkgs-fe3e336590df32a5e7f5c2c8ad39beda6dcbae1b.tar.gz nixpkgs-fe3e336590df32a5e7f5c2c8ad39beda6dcbae1b.tar.bz2 nixpkgs-fe3e336590df32a5e7f5c2c8ad39beda6dcbae1b.tar.lz nixpkgs-fe3e336590df32a5e7f5c2c8ad39beda6dcbae1b.tar.xz nixpkgs-fe3e336590df32a5e7f5c2c8ad39beda6dcbae1b.tar.zst nixpkgs-fe3e336590df32a5e7f5c2c8ad39beda6dcbae1b.zip |
t1lib: fix several years old security problems
/cc xpdf maintainer @peti may want to use it now. Tested pdflatex on some PDFs of mine using T1-encoded fonts (hopefully that used the library at least).
Diffstat (limited to 'pkgs/development/libraries/t1lib')
-rw-r--r-- | pkgs/development/libraries/t1lib/default.nix | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/pkgs/development/libraries/t1lib/default.nix b/pkgs/development/libraries/t1lib/default.nix index 6470ebd3b46..039dc59774c 100644 --- a/pkgs/development/libraries/t1lib/default.nix +++ b/pkgs/development/libraries/t1lib/default.nix @@ -1,5 +1,20 @@ -{stdenv, fetchurl, xlibsWrapper, libXaw, libXpm}: +{ stdenv, fetchurl, fetchpatch, libX11, libXaw }: +let + getPatch = { name, sha256 }: fetchpatch { + inherit name sha256; + url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/${name}" + + "?h=packages/t1lib&id=643a4c2c58e70072b5bc1e9e4624162517b58357"; + }; + + patches = map getPatch [ + { name = "lib-cleanup.diff"; sha256 = "1w3q1y4zk0y4mf2s2x9z4cd8d4af8i868c8837p40mz3dqrai4zp"; } + { name = "format-security.diff"; sha256 = "0cca94bif9dsc6iwpcnk1504gb3sl3nsqhni85c21q9aywyz26l3"; } + { name = "CVE-2011-0764.diff"; sha256 = "1j0y3f38im7srpqjg9jvx8as6sxkz8gw7hglcxnxl9qylx8mr2jh"; } + { name = "CVE-2011-1552_1553_1554.patch"; sha256 = "16cyq6jhyhh8912j8hapx9pq4rzxk36ljlkxlnyi7i3wr8iz1dir"; } + { name = "CVE-2010-2642.patch"; sha256 = "175zvyr9v1xs22k2svgxqjcpz5nihfa7j46hn9nzvkqcrhm5m9y8"; } + ]; +in stdenv.mkDerivation { name = "t1lib-5.1.2"; @@ -7,8 +22,12 @@ stdenv.mkDerivation { url = "mirror://metalab/libs/graphics/t1lib-5.1.2.tar.gz"; sha256 = "0nbvjpnmcznib1nlgg8xckrmsw3haa154byds2h90y2g0nsjh4w2"; }; + inherit patches; - buildInputs = [xlibsWrapper libXaw libXpm]; + buildInputs = [ libX11 libXaw ]; buildFlags = "without_doc"; + + postInstall = "chmod +x $out/lib/*.so.*"; # ?? + } |